VYPR
Critical severity9.8NVD Advisory· Published Nov 23, 2017· Updated Jun 17, 2026

CVE-2017-16931

CVE-2017-16931

Description

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Xmlsoft/Libxml22 versions
    cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*range: <=2.9.4
    • (no CPE)range: <2.9.5
  • Range: <2.9.5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.